Author: Lauren Papagalos Page 16 of 17

Stopping the Insider Threat to Website Security

As we continue to watch the global fallout of the leaking of the NSA’s secret surveillance of everything from phone calls to Facebook, one of the more interesting and perhaps disturbing revelations was that the embarrassing leak of top secret U.S. spying operations came from a trusted insider.

What was perhaps even more disturbing was the fact that the alleged whistle-blower had largely unsupervised access to some of the biggest U.S. intelligence secrets, in spite of the fact that he was only on the job for a few years and actually started as a facilities security guard.

Read More

The State of Small Business Website Security

When it comes to website security, many small businesses are in a constant state of change. Changing from a state of denial “I don’t need security because I have nothing to steal and I’m too small for hackers to find me anyway” to a state of panic “Oh no! I’ve just found out I’ve been hacked, they’ve been using my website to spread malware for months and now I’m blacklisted by the search engines.”

That’s the unfortunate state of small business web security, and it usually starts with the word don’t. That’s because most small business owners simply:

  • Don’t give website security a second thought because they’re too busy with more pressing matters, like trying to meet this month’s payroll.
  • Don’t think they’re big enough for hackers to bother with, not realizing that hackers now use automated tools that will easily sniff out unprotected websites in a matter of seconds.
  • Don’t think small businesses are targets in general, in spite of the numerous studies that suggest they could actually be the top target.
  • Don’t think they have anything worth attacking or stealing, although hackers think otherwise.
  • Don’t know where to start with security and how to even begin plugging those holes and so keep putting it off.
  • Don’t know what to do if they are hacked – which is usually the last step before that state of panic.

So much of the panic could be alleviated if small business owners took just a little time out of their busy schedule to think about security and understand how bad security or none at all can destroy a business, and how good security is a business enabler.

Bill Gates, co-founder of Microsoft, maintained that when it comes to business, security is job one. If you’re not protecting your website, it could turn into your greatest liability. Time and money are not an excuse because good security is automated, always on, and very affordable (I don’t want to say cheap in case you get the wrong idea but I really do mean cheap).

And good security leads everyone – you, your customers, your employees, and even your credit card processor – toward a state of bliss. Start on your journey by simply making sure that the next time the automated tool of a ruthless hacker comes sniffing around your website, you’ve beaten them to the punch and closed all the holes.

A great way to close these holes is by implementing website security solutions such as a Web Application Firewall and a scanner to detect potential infections. For more information on how these types of solutions can layer into your existing website call SiteLock at  855-378-6200.

Implementing Password Security

Seems like every few months another blogger or security maven laments the passing of the password, a security tool that has outlived its usefulness and should now be replaced with something more of the times, more effective, more secure.

And while the password might be on life-support, it’s not quite gone. Which means you still have to take it very seriously, because in most cases it’s the only security you may have.

And you should also learn to accept that if the password is mortally wounded, it might be partly your fault. Because we know, we have hard evidence, that passwords have been weakened by their owners.

Read More

SiteLock: 2012 Wrap Up

Last year was filled with growth and innovation at the SiteLock office. This infographic shows some of our most notable accomplishments and activities from 2012. We are looking forward to a great 2013!

Sitelock-Infographic-External

SiteLock Website Security

Website Security Tips for Cyber Monday

With the growing popularity of the Internet over the past decade, the retail holiday Cyber Monday debuted in 2005 as the online version of Black Friday. It quickly became one of the biggest online shopping days of the year, and by 2011 consumers were spending $1.25 billion online on the Monday after Thanksgiving.

  • 25% of U.S. consumers’ spending during the holiday season is through an online retailer
  • It is estimated that throughout the 2012 holiday season, online shoppers will spend over $54 billion, an increase of almost 17% from last year

While this influx of holiday shoppers purchasing gifts for themselves and loved ones is great for online businesses, there are risks that come along with the rewards. Santa’s not the only one sneaking around this season; website hackers are on-the-go and they’re bringing something even worse than lumps of coal – viruses, malware and more.

  • Websites experience over 22 attacks per day on average, according to recent SiteLock data.

Protect Your Website in time for Cyber Monday

If you’re the owner of an eCommerce website, it’s important to stay proactive about protecting your online reputation.

  • Make sure you have the proper protection plan in place for your website’s size and complexity.
  • If your business accepts credit cards as a form of payment, be sure that you are PCI compliant to avoid facing fines and jeopardizing the privacy of your customers’ financial data.
  • If your site is already safe and secure, display a security badge (such as the SiteLock Trust Seal), to show your visitors that you care about their safety and increase your sales conversions.

Tips to Avoid Falling Victim to Cyberattacks

  • Beware of unsolicited emails that look like a coupon or promotion from a company; they could be a phishing scam that attempts to steal your credit card information. Before you open an email that looks like a coupon or promotion, check the sender’s address to make sure it doesn’t look suspicious.
  • When shopping on a website, make sure that the company’s URL is secure. If the URL starts with “HTTPS” it is a secure site; if not, your information may be susceptible to data mining.
  • If you discover an online store that’s offering unbelievable sale specials, do some research to make sure that it is not a fake front that will disappear later in the day. Use online business reviews or social sites to check the legitimacy of these stores before you provide them with any of your information.

For questions regarding your safety online, the SiteLock security experts are happy to answer any questions you may have! Don’t hesitate to give us a call at 855.378.6200.

Celebrate Small Business Saturday!

Saturday, November 24, 2012, is the second annual Small Business Saturday – a day created to celebrate the success of entrepreneurs across the nation and all that they do for the community. Originally conceived by American Express, the shopping holiday is sandwiched between Black Friday and Cyber Monday and encourages consumers to buy from small, local brick and mortar businesses.

Here at SiteLock, we aid small businesses each day by protecting their online presence and customers’ data. We encourage you to shop at the small businesses in your area this Saturday and support this nationwide effort. Here are some ways that you can participate:

Read More

Web Application Security

The SiteLock SMART Malware Scanner Dashboard

In our last post, we introduced you to the new automatic malware scanner SiteLock is offering to its customers, SiteLock Secure Malware Alert and Removal Tool (SMART).   We discussed the setup and configuration of the scanning system. Now, we’re going to show you the tool’s dashboard and reporting options that detect and display any malicious pieces of code that are hidden in your website.

The SMART Dashboard

Now that SMART has been configured and has started scanning your website files, it’s time to take a look at the results.   Before we do, there are a few things about the interface you should know about:

SMART malware scanner dashboard

Read More

Web Application Security

Configuring The SiteLock SMART Malware Scanner

SiteLock is proud to present our latest feature in our dashboard, a malware scanner that not only finds the malicious code in your website but can also automatically remove it.  This new scanning tool is called SiteLock Malware Automated Removal Tool, or SMART.

The Basics Of SMART

SMART has the ability to use the (S)FTP credentials for your website to connect to your hosting server and scan the files hard-coded in your site for malicious scripts, viruses, and other unwarranted code detected on your site.

At your request, or automatically, SMART can even remove some of the malicious code from your website and send the clean version back into place. With this tool, you can stay protected from hackers who try to break into your website’s information.

In this blog post, we’re going to discuss setting up and configuring SMART. It is essential that the configuration is set appropriately in order for the malware scanner to be able to effectively monitor for malware, and clean it from infections.

Read More

Google blacklist

SiteLock Incorporates Google Blacklist Data Into Scanner

Improved Identification Of Malicious Links

SiteLock has recently upgraded its scanner to better utilize Google blacklist data.  It makes use of the newest version of the SafeBrowsing API by Google, to scan and detect links to malware and phishing on websites. This update also includes the detection of specific domains on Google’s malware/phishing lists. If your website has been blacklisted by Google for containing links to any of these blacklisted domains, SiteLock now provides comprehensive steps to help you quickly remedy the situation so you’re back in the green in no time.

What Do I Do If My Website Is Blacklisted?

If your domain or a page on your site has been blacklisted as “malicious,” here are some steps you can take to help quickly get your domain removed from the list:

Read More

XSS vulnerability - cross-site scripting

Beware of Cross-Site Scripting!

The popularity of blogging software, with all its vulnerabilities, has spawned thousands of malicious cross-site scripting attacks. With each technological advance, new targets are created for the unscrupulous hacker.

Who Has Been Targeted With Cross-Site Scripting?

Hackers have not neglected immense commercial sites. Facebook, PayPal, Hotmail, Gmail and Twitter have all had issues with cross-site scripting. Often referred to as XSS, cross-site scripting is a major threat to blogs. Owners of blogs should be aware of the dangers, and what actions must be taken to prevent a cross-site scripting attack on their site.

Blog Vulnerabilities and XSS

Most cross-site scripting vulnerabilities take place on server-side code, while DOM (document object model) is a method used by hackers to exploit vulnerabilities on client-side code. Running antivirus or spyware blockers provide some protection, but not nearly enough to prevent attacks from outside.

Read More

Page 16 of 17

Powered by WordPress & Theme by Anders Norén